adyya-flake/services/postgres/postgres.mod.nix


{
fructose.modules = [
/*
(
{ config, pkgs, lib, ... }:
{
systemd.services.postgresql.serviceConfig.TimeoutSec = lib.mkForce "infinity";
services.postgresql = {
enable = true;
checkConfig = true;
package = pkgs.postgresql_17;
dataDir = "/var/services/postgres/";
ensureDatabases = [
"forgejo"
"gts"
];
ensureUsers = [
{
name = "forgejo";
ensureDBOwnership = true;
ensureClauses = {
login = true;
};
}
{
name = "gts";
ensureDBOwnership = true;
ensureClauses = {
login = true;
};
}
];
settings = {
# connection
listen_addresses = lib.mkForce "127.0.0.1";
port = 5432;
unix_socket_directories = "/var/services/postgres/postgres.sock";
# auth
password_encryption = "scram-sha-256";
# ssl
ssl = false;
#log
log_connections = true;
log_directory = "/var/services/postgres/log";
logging_collector = true;
log_disconnections = true;
};
};
services.postgresqlBackup = {
enable = true;
location = "/var/services/postgresbackup/";
compression = "gzip";
backupAll = true;
startAt = "*-*-* 3:20:00";
};
# services.pgadmin = {
# enable = true;
# initialEmail = "pgadmin@collective-conciousness.monster";
# initialPasswordFile = "${config.sops.secrets.pgadmin_pass.path}";
# openFirewall = true;
# port = 5050;
# settings = {
# STRICT_TRANSPORT_SECURITY_ENABLED = true;
# ALLOWED_HOSTS = [
# "127.0.0.1"
# "10.24.1.225"
# "10.24.1.196"
# ];
# };
# };
}
)
*/
# The native services.postgresql module above doesn't seem to work, so I'm just gonna make a container for it at the moment.
(
  # Container-based stand-in for the native PostgreSQL module: declares a
  # PostgreSQL container and an Adminer web UI container through
  # virtualisation.oci-containers.
  {
    config,
    pkgs,
    lib,
    ...
  }:
  let
    # Path of the env file rendered from the sops template.
    # Presumably carries the POSTGRES_* credentials the image reads on first
    # start; verify against the template definition.
    postgresEnvFile = "${config.sops.templates."postgresdb.env.secrets.yaml".path}";
  in
  {
    virtualisation.oci-containers.containers = {
      postgres = {
        # Major-version tag only: the image content can change between pulls.
        image = "postgres:17";
        # NOTE(review): a publish spec without a host address binds every host
        # interface. The commented-out native config limited listen_addresses
        # to 127.0.0.1; if only clients on this host connect, the equivalent
        # here is "127.0.0.1:5432:5432". Published container ports are often
        # forwarded outside the rules networking.firewall manages, so confirm
        # whether 5432 is reachable from the LAN. No TLS is configured in this
        # block.
        ports = [ "5432:5432" ];
        environmentFiles = [ postgresEnvFile ];
        # Database files live on the host, outside the container lifecycle.
        # NOTE(review): the services.postgresqlBackup job exists only in the
        # commented-out module, so nothing in this file backs up this path.
        volumes = [ "/var/services/postgresdb/data:/var/lib/postgresql/data/" ];
      };

      adminer = {
        # NOTE(review): ":latest" is a floating tag; pin a reviewed version or
        # an image digest so a changed upstream image is not pulled silently.
        image = "adminer:latest";
        # NOTE(review): both mappings bind every host interface.
        # 5433 -> 8080 exposes the Adminer UI, which accepts database
        # credentials; nothing in this file puts TLS or an access restriction
        # in front of it, so confirm one exists elsewhere.
        # 5434 -> 53 targets a port the Adminer image is not expected to
        # listen on; looks unintended, confirm and drop if unused.
        ports = [
          "5433:8080"
          "5434:53"
        ];
        # Declares a dependency on the postgres container defined above.
        dependsOn = [ "postgres" ];
      };
    };
  }
)
];
}